Anonym-tsk / nfqws-keenetic

MIT License
x86 is badly needed #79

Closed masyanich closed 1 month ago

masyanich commented 1 month ago

Describe the problem in detail
There is no package for the x86 architecture; it would be great to run it on OpenWrt in virtual machines.

What solution do you propose?
Build a package for the specified architecture.

Anonym-tsk commented 1 month ago

Please show the output of

uname -a
cat /proc/cpuinfo

masyanich commented 1 month ago

Linux OpenWrt 5.15.167 #0 SMP Mon Sep 23 12:34:46 2024 i686 GNU/Linux

root@OpenWrt:~# cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 21
model : 96
model name : AMD Opteron(tm) X3216 APU
stepping : 1
microcode : 0x600611a
cpu MHz : 1597.002
cache size : 1024 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c hypervisor lahf_lm cmp_legacy svm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw xop fma4 tbm perfctr_core ssbd ibpb vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 xsaveopt virt_ssbd arat npt nrip_save arch_capabilities
bugs : fxsave_leak sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass retbleed
bogomips : 3194.00
clflush size : 64
cache_alignment : 64
address sizes : 48 bits physical, 48 bits virtual
power management:

Anonym-tsk commented 1 month ago

And please also show

cat /etc/opkg/distfeeds.conf

masyanich commented 1 month ago

OpenWrt 23.05.5, r24106-10cc5fcd00

root@OpenWrt:~# cat /etc/opkg/distfeeds.conf
src/gz openwrt_core https://downloads.openwrt.org/releases/23.05.5/targets/x86/generic/packages
src/gz openwrt_base https://downloads.openwrt.org/releases/23.05.5/packages/i386_pentium4/base
src/gz openwrt_luci https://downloads.openwrt.org/releases/23.05.5/packages/i386_pentium4/luci
src/gz openwrt_packages https://downloads.openwrt.org/releases/23.05.5/packages/i386_pentium4/packages
src/gz openwrt_routing https://downloads.openwrt.org/releases/23.05.5/packages/i386_pentium4/routing
src/gz openwrt_telephony https://downloads.openwrt.org/releases/23.05.5/packages/i386_pentium4/telephony

Anonym-tsk commented 1 month ago

Check in version 2.3.3

masyanich commented 1 month ago

nfqws-keenetic_2.3.3_all_openwrt.ipk

root@OpenWrt:~# service nfqws-keenetic status
Service NFQWS is running

oot@OpenWrt:/etc/nfqws# iptables-save | grep "queue-num 200"
-A POSTROUTING -o br-lan -p udp -m udp --dport 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
-A POSTROUTING -o br-lan -p tcp -m tcp --dport 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass

The auto list is silent; it did not pick it up. How do I fix this?

Anonym-tsk commented 1 month ago

For a start, look at the log to see whether requests are reaching it. The fact that nothing has been added to the auto list is normal; it takes time.

masyanich commented 1 month ago

This is the interface:

br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 02:11:32:27:90:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.209.188/24 brd 192.168.209.255 scope global br-lan

root@OpenWrt:/etc/nfqws# cat nfqws.conf
# Provider network interface, e.g. eth3
# You can specify multiple interfaces separated by space, e.g. ISP_INTERFACE="br-lan"
ISP_INTERFACE="br-lan"

# All arguments here: https://github.com/bol-van/zapret (search for `nfqws` on the page)
# HTTP(S) strategy
NFQWS_ARGS="--dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-split-pos=1 --dpi-desync-fooling=md5sig,badseq --dpi-desync-fake-tls=/etc/nfqws/tls_clienthello.bin"

# QUIC strategy
NFQWS_ARGS_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-cutoff=d4 --dpi-desync-fooling=badsum --dpi-desync-fake-quic=/etc/nfqws/quic_initial.bin"

# auto - automatically detects blocked resources and adds them to the auto.list
NFQWS_EXTRA_ARGS="--hostlist=/etc/nfqws/user.list --hostlist-auto=/etc/nfqws/auto.list --hostlist-auto-debug=/var/log/nfqws.log --hostlist-exclude=/etc/nfqws/exclude.list"

# list - applies rules only to domains in the user.list
#NFQWS_EXTRA_ARGS="--hostlist=/etc/nfqws/user.list"

# all  - applies rules to all traffic except domains from exclude.list
#NFQWS_EXTRA_ARGS="--hostlist-exclude=/etc/nfqws/exclude.list"

# IPv6 support
IPV6_ENABLED=0

# HTTP support
HTTP_ENABLED=0

# QUIC support
QUIC_ENABLED=0

# Syslog logging level (0 - silent, 1 - debug)
LOG_LEVEL=0

NFQUEUE_NUM=200
USER=nobody
CONFIG_VERSION=2

The interface seems to be the right one.

root@OpenWrt:/var/log# cat nfqws.log - empty

root@OpenWrt:/etc/nfqws# /etc/init.d/firewall stop
root@OpenWrt:/etc/nfqws# /etc/init.d/firewall disable
root@OpenWrt:/etc/nfqws# reboot

I removed nftables.

It doesn't help.

masyanich commented 1 month ago

Logs while trying to watch YouTube (I enabled syslog=1 in the settings)

Thu Oct  3 15:58:29 2024 user.debug nfqws[2597]: desync profile 1 matches
Thu Oct  3 15:58:29 2024 user.debug nfqws[2597]: packet: id=157 pass unmodified
Thu Oct  3 15:58:31 2024 user.debug nfqws[2597]: packet: id=158 len=64 mark=00000000
Thu Oct  3 15:58:31 2024 user.debug nfqws[2597]: IP4: 192.168.209.193 => 64.233.165.95 proto=tcp ttl=63 sport=60398 dport=443 flags=S seq=1873810433 ack_seq=0
Thu Oct  3 15:58:31 2024 user.debug nfqws[2597]: desync profile search for hostname='' ipv6=0 tcp_port=443 udp_port=0
Thu Oct  3 15:58:31 2024 user.debug nfqws[2597]: desync profile 1 matches
Thu Oct  3 15:58:31 2024 user.debug nfqws[2597]: packet: id=158 pass unmodified
Thu Oct  3 15:58:33 2024 user.debug nfqws[2597]: packet: id=159 len=40 mark=00000000
Thu Oct  3 15:58:33 2024 user.debug nfqws[2597]: IP4: 192.168.209.193 => 81.177.123.76 proto=tcp ttl=63 sport=52477 dport=443 flags=AR seq=3959058417 ack_seq=1415084977
Thu Oct  3 15:58:33 2024 user.debug nfqws[2597]: using cached desync profile 1
Thu Oct  3 15:58:33 2024 user.debug nfqws[2597]: packet: id=159 pass unmodified
Thu Oct  3 15:58:35 2024 user.debug nfqws[2597]: packet: id=160 len=40 mark=00000000
Thu Oct  3 15:58:35 2024 user.debug nfqws[2597]: IP4: 192.168.209.193 => 64.233.165.198 proto=tcp ttl=63 sport=60384 dport=443 flags=AR seq=2941808171 ack_seq=1281244496
Thu Oct  3 15:58:35 2024 user.debug nfqws[2597]: using cached desync profile 1
Thu Oct  3 15:58:35 2024 user.debug nfqws[2597]: packet: id=160 pass unmodified
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: packet: id=161 len=64 mark=00000000
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: IP4: 192.168.209.193 => 173.194.222.198 proto=tcp ttl=63 sport=60399 dport=443 flags=S seq=1267977218 ack_seq=0
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: desync profile search for hostname='' ipv6=0 tcp_port=443 udp_port=0
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: desync profile 1 matches
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: packet: id=161 pass unmodified
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: packet: id=162 len=40 mark=00000000
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: IP4: 192.168.209.193 => 64.233.165.95 proto=tcp ttl=63 sport=60398 dport=443 flags=R seq=1873810952 ack_seq=0
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: using cached desync profile 1
Thu Oct  3 15:58:36 2024 user.debug nfqws[2597]: packet: id=162 pass unmodified
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: packet: id=163 len=52 mark=00000000
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: IP4: 192.168.209.50 => 74.125.205.102 proto=tcp ttl=127 sport=4691 dport=443 flags=S seq=1282300736 ack_seq=0
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: desync profile search for hostname='' ipv6=0 tcp_port=443 udp_port=0
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: desync profile 1 matches
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: packet: id=163 pass unmodified
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: packet: id=164 len=64 mark=00000000
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: IP4: 192.168.209.193 => 81.177.123.76 proto=tcp ttl=63 sport=52483 dport=443 flags=S seq=3373213716 ack_seq=0
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: desync profile search for hostname='' ipv6=0 tcp_port=443 udp_port=0
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: desync profile 1 matches
Thu Oct  3 15:58:37 2024 user.debug nfqws[2597]: packet: id=164 pass unmodified

Anonym-tsk commented 1 month ago

It seems everything works as it should. NFQWS starts. Closing. If there are other problems, create another issue.

masyanich commented 1 month ago

The service is indeed in the "running" state, but

root@OpenWrt:~# iptables -t filter -L --line-numbers -n
Chain INPUT (policy ACCEPT)
num target prot opt source destination

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

There are no rules in IPTABLES. When I try to add one:

root@OpenWrt:~# iptables -A POSTROUTING -o br-lan -p udp -m udp --dport 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
iptables: No chain/target/match by that name.

Maybe you can suggest something?

Anonym-tsk commented 1 month ago

oot@OpenWrt:/etc/nfqws# iptables-save | grep "queue-num 200"
-A POSTROUTING -o br-lan -p udp -m udp --dport 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
-A POSTROUTING -o br-lan -p tcp -m tcp --dport 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass

But here are the rules; you did have them.

Anonym-tsk commented 1 month ago

iptables: No chain/target/match by that name.

You forgot to specify the table.
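
Added example, not part of the thread or of the project's code: without `-t`, `iptables` operates on the `filter` table, which has no `POSTROUTING` chain, and that is consistent with both the empty `iptables -t filter -L` listing and the "No chain/target/match" error above. The sketch below reads `iptables-save` output and reports the table, chain and queue number of every NFQUEUE rule. The function names are hypothetical and the sample ruleset is constructed; its `mangle` table name is an assumption, since the thread never shows which table holds the rules.

```shell
#!/bin/sh
# Report "<table> <chain> <queue-num>" for every NFQUEUE rule found in
# iptables-save formatted input on stdin.
nfqueue_rules_by_table() {
    awk '
        # A line such as "*mangle" opens the section for that table.
        /^\*/ { table = substr($0, 2); next }
        # Rule lines start with "-A <chain>"; keep only NFQUEUE targets.
        $1 == "-A" && /-j NFQUEUE/ {
            q = "?"
            for (i = 1; i < NF; i++)
                if ($i == "--queue-num") q = $(i + 1)
            print table, $2, q
        }
    '
}

# Constructed sample input. The rule text is the TCP rule shown in the
# thread; placing it under "*mangle" is an assumption for the demo.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o br-lan -p tcp -m tcp --dport 443 -m connbytes --connbytes 1:8 --connbytes-mode packets --connbytes-dir original -m mark ! --mark 0x40000000/0x40000000 -j NFQUEUE --queue-num 200 --queue-bypass
COMMIT
EOF
}

# Demo run on the constructed sample.
# On the router itself: iptables-save | nfqueue_rules_by_table
sample_ruleset | nfqueue_rules_by_table
```

The table name printed in the first column is the value to pass to `iptables -t` when listing or adding rules for that chain.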